Results 1 to 25 of 25
  1. #1

    Moving away from dreamhost

    i'm hosted on dreamhost, with shared package.
    i have joomla installed on my site, its 1.0.14 i think if not 13.
    my site is getting hacked everyday almost.
    the attack only changes the index files on all folders.

    dreamhost wont do anything. i'll post their response they've given me recently. i am asking them for the source of attack and point of entry but they just simply ignore my email.

    Anyone has an idea which host should i go to. i called 1and1 today, thats where my domains are registered and the guy didnt know what he was talking about. he's like "we are hack proof" and then he said "we fully support joomla" i said cool do you support its installation and configuration he says no and then another 2 min talk.

    anyways anyone would suggest me a good alternative?

  2. #2
    Join Date
    Jul 2005
    Location
    Milton Keynes, UK
    Posts
    411
    Most hosts will allow you to host Joomla as its just a PHP/MYSQL script.

    When your hacked, do you know if its your script or the dreamhost server? If its your site this could be security issues in the realise of Joomla your using.
    MK Hosting - Reliable Affordable UK Hosting Since 2005
    www.mkhosting.co.uk
    Shared Hosting - Reseller hosting - Dedicated Servers - VPS - Colocation - IT Services

  3. #3
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,849
    If you're on the latest version (1.0.13 or 14RC) then it's most likely one of your components that's insecure. And to be fair, it's not the host's job to protect you from being hacked through something you installed yourself. It does sound like they're not giving you much help to find out though, so maybe another host would be better for that. What components are you using?

    Bottom line: Pretty much whatever host you use you'll be able to install Joomla, and if your site is insecure at DH it'll be just as insecure elsewhere.
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  4. #4
    thats what i thought fobic.
    i've joomla with gallery2, YanC, MostlyICe, letterman, joomlalib, community builder and the Quran components with modules. on another section of the site there's jinzora music script.

    so i googled gallery2 and they said they dont have any hacking issues at all, and i upgraded from jinzora 2 to jinzora 3 so that should've covered the issue too.

    i had mambo before but i upgraded to joomla 1.0.14 now which is the latest and most secure. but still have problem. the hack adds <A> tag links at the end of the html and php files and in some cases just replaces the original file.

    now a weird thing is that one of my folder which has only jpg, gif and html files is having the same problem.

  5. #5

    Hmm

    I havent even heard of dream hosts good luck finding another host though

  6. #6
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,849
    lalten, I don't know those components but many Joomla components aren't well written so even if you have the latest versions they may not be secure. Checking the logs might help you - look for any unusual requests, and particularly at anything that allows a user to upload files.

    The other possibility is that in a previous attack your hacker could have installed a back-door to your site. I would try a clean install from new downloads of all your applications.
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  7. #7
    Join Date
    Aug 2004
    Posts
    242
    Joomla is easily hackable. I have seen a number of Joomla installs installs hacked by the infamous googlerank.info exploit. This has to do with file permissions, not with the host. If you don't fix it, it'll come back everyday, as it's controlled by a remote bot.

  8. #8
    thanks guys.
    calande what permissions are you talking about
    this seems more realistic to me, in my case at least.

  9. #9
    It's not Dreamhost's fault persay, it is the software (and addons) that you are using.

    You could parse the logs to see where the breach happened and then work to mitigate the damage the next time someone tries to plant blackhat SEO material underneath your domain name.

    (Best of luck!)

  10. #10
    Join Date
    Oct 2002
    Location
    EU - east side
    Posts
    21,920
    calande what permissions are you talking about
    http://en.wikipedia.org/wiki/File_system_permissions
    http://en.wikipedia.org/wiki/Chmod

    FTP client software can help you set the file permissions too.

  11. #11
    Join Date
    Aug 2004
    Posts
    242
    Quote Originally Posted by lalten View Post
    calande what permissions are you talking about
    Here's what solved my problem. Assum your username is "calande", SSH into your account and do:

    Code:
    cd ~/www
    chmod -R 755 *
    chown -R calande:calande *

  12. #12
    Join Date
    Jan 2004
    Location
    Oztrayla Mate!
    Posts
    583
    Are you getting a bit of code placed in files called index, home and login just before the </body> tag?

  13. #13
    @calande this is one way, you can also do this from within Dreamhost's control panel.

  14. #14
    Join Date
    Aug 2004
    Posts
    242

  15. #15
    Join Date
    Jul 2007
    Posts
    82
    The main thing to check is to not have any 666 or 777 permissions. Those pose a security risk to your account. Typically this requires the host to be running phpsuexec though so your scripts run as your user instead of 'nobody'
    Newbies Rock. Oh wait, now I'm a Guru Wannabe!
    Go Wannabes!

    Disclaimer: My thoughts and opinions do not reflect any company I work for as they are mine and only mine.

  16. #16
    Quote Originally Posted by 1boss1 View Post
    Are you getting a bit of code placed in files called index, home and login just before the </body> tag?
    Yes thats exactly my problem.

  17. #17
    Any suggestions of preventing and/or finding the source of this leak?

  18. #18
    Join Date
    Oct 2007
    Posts
    75
    Quote Originally Posted by meltingcube View Post
    The main thing to check is to not have any 666 or 777 permissions. Those pose a security risk to your account. Typically this requires the host to be running phpsuexec though so your scripts run as your user instead of 'nobody'
    Would you mind giving a bit more information on this?

    I recently installed Joomla (1.5) as a default installation just to check how everything is as a default installation. As a convenience I chmod'd all the files of the Joomla installation (chmod -r) to 777 so I wouldn't have to worry about wrong permissions.

    How would this be a security risk while nobody but me can access the website with FTP/SSH?

  19. #19
    I read on a security list that there are a couple of 0-days for Joomla (addons) right now. Parse through Full-Disclosure or something like that and you'll find useful information.

  20. #20
    Join Date
    May 2006
    Location
    EU & USA
    Posts
    3,684
    Quote Originally Posted by Dedicational View Post
    Would you mind giving a bit more information on this?

    I recently installed Joomla (1.5) as a default installation just to check how everything is as a default installation. As a convenience I chmod'd all the files of the Joomla installation (chmod -r) to 777 so I wouldn't have to worry about wrong permissions.

    How would this be a security risk while nobody but me can access the website with FTP/SSH?
    Just that anyone else on the server can read/write to your files, including your configuration.php where your database and password are stored.

    Please read up on how to secure your joomla website at the joomla forums, what you have done now will get your site hacked sooner or later.

  21. #21
    Join Date
    Jun 2007
    Posts
    573
    Quote Originally Posted by Dedicational View Post
    Would you mind giving a bit more information on this?

    I recently installed Joomla (1.5) as a default installation just to check how everything is as a default installation. As a convenience I chmod'd all the files of the Joomla installation (chmod -r) to 777 so I wouldn't have to worry about wrong permissions.

    How would this be a security risk while nobody but me can access the website with FTP/SSH?
    Dedicational, if you are using Joomla 1.5, use the FTP write rather than the chmod 777.
    :: iMountain.com Solar Powered Hosting - Same location for 20 years
    :: Clustered, HSphere, Webhosting, VPS, Dedicated and Luxury clusters
    :: Specializing in Database clustering and optimization for vBulletin, Joomla and Wordpress sites.

  22. #22

    Friend happy

    One of my friend is happy with their services .... and the big disk space they are offering.
    Be on top !

  23. #23
    Join Date
    Oct 2007
    Posts
    75
    OK, thanks for the tips!

  24. #24
    Join Date
    Sep 2004
    Location
    Northern Europe.
    Posts
    2,573
    Looks like the bottom line is: NEVER chmod your folders to 777!


    -- And I'm glad DH seems not to have been at fault here, since I have weak spot for them (their whimsical, laid-back style).
    Web Hosting Reviews — based on real customer feedback
    77 Ways To More Traffic

  25. #25
    i heard the same problem before but i'm hosted in dreamhost as well and i'm very satisfied for now

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •